blazehash 0.2.4

Forensic file hasher — hashdeep for the modern era, BLAKE3 by default
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

use anyhow::{Context, Result};
use argon2::{Algorithm as Argon2Algorithm, Argon2, Params, Version};
use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
use std::path::Path;

const APP_SALT: &[u8] = b"blazehash-signing-v1";

/// Derive an Ed25519 signing key from a password using Argon2id.
/// Same password always produces the same 32-byte seed → same keypair.
fn sig_path_for(manifest_path: &Path) -> std::path::PathBuf {
    let mut p = manifest_path.to_path_buf();
    let new_name = format!(
        "{}.sig",
        manifest_path
            .file_name()
            .and_then(|n| n.to_str())
            .unwrap_or("manifest")
    );
    p.set_file_name(new_name);
    p
}

fn pub_path_for(manifest_path: &Path) -> std::path::PathBuf {
    let mut p = manifest_path.to_path_buf();
    let new_name = format!(
        "{}.pub",
        manifest_path
            .file_name()
            .and_then(|n| n.to_str())
            .unwrap_or("manifest")
    );
    p.set_file_name(new_name);
    p
}

fn derive_key(password: &str) -> Result<SigningKey> {
    let params =
        Params::new(65536, 3, 1, Some(32)).map_err(|e| anyhow::anyhow!("argon2 params: {e}"))?;
    let argon2 = Argon2::new(Argon2Algorithm::Argon2id, Version::V0x13, params);
    let mut seed = [0u8; 32];
    argon2
        .hash_password_into(password.as_bytes(), APP_SALT, &mut seed)
        .map_err(|e| anyhow::anyhow!("argon2 hash: {e}"))?;
    Ok(SigningKey::from_bytes(&seed))
}

/// Read password from BLAZEHASH_SIGN_PASSWORD env var (with warning) or /dev/tty.
pub fn read_password() -> Result<String> {
    if let Ok(pw) = std::env::var("BLAZEHASH_SIGN_PASSWORD") {
        eprintln!(
            "[!] Warning: using BLAZEHASH_SIGN_PASSWORD env var — not recommended for production"
        );
        return Ok(pw);
    }
    let pw = rpassword::prompt_password("Enter signing password: ")
        .context("failed to read password from terminal")?;
    Ok(pw)
}

/// Sign `manifest_path`. Writes `.sig` sidecar. Prints public key to stderr.
pub fn sign(manifest_path: &Path) -> Result<()> {
    let password = read_password()?;
    let signing_key = derive_key(&password)?;
    let verifying_key = signing_key.verifying_key();

    let manifest_bytes = std::fs::read(manifest_path)
        .with_context(|| format!("cannot read manifest {}", manifest_path.display()))?;
    let signature: Signature = signing_key.sign(&manifest_bytes);

    let timestamp = std::time::SystemTime::now()
        .duration_since(std::time::UNIX_EPOCH)
        .unwrap_or_default()
        .as_secs();

    let pubkey_hex = hex::encode(verifying_key.to_bytes());
    let sig_content = format!(
        "blazehash-sig-v1\npubkey: {pubkey_hex}\nsigned: {timestamp}\nsig: {}\n",
        hex::encode(signature.to_bytes()),
    );

    // .sig sidecar path: manifest.hash → manifest.hash.sig
    let sig_path = sig_path_for(manifest_path);

    std::fs::write(&sig_path, &sig_content)
        .with_context(|| format!("cannot write {}", sig_path.display()))?;

    let pub_path = pub_path_for(manifest_path);
    std::fs::write(&pub_path, &pubkey_hex)
        .with_context(|| format!("cannot write {}", pub_path.display()))?;

    eprintln!("[+] Signed: {}", manifest_path.display());
    eprintln!("[+] Public key: {pubkey_hex}");
    eprintln!("[+] Signature: {}", sig_path.display());
    eprintln!("[+] Public key file: {}", pub_path.display());
    Ok(())
}

/// Verify `manifest_path` against its `.sig` sidecar and an expected public key hex.
/// Returns Ok(true) if valid, Ok(false) if invalid.
pub fn verify_sig(manifest_path: &Path, expected_pubkey_hex: &str) -> Result<bool> {
    let sig_path = sig_path_for(manifest_path);

    let sig_content = std::fs::read_to_string(&sig_path)
        .with_context(|| format!("cannot read sig file {}", sig_path.display()))?;

    let mut sig_hex = None;
    let mut embedded_pubkey_hex = None;
    for line in sig_content.lines() {
        if let Some(v) = line.strip_prefix("sig: ") {
            sig_hex = Some(v.to_string());
        }
        if let Some(v) = line.strip_prefix("pubkey: ") {
            embedded_pubkey_hex = Some(v.to_string());
        }
    }

    // Use expected pubkey (caller-supplied, for chain-of-custody) over embedded pubkey
    let pub_hex = if expected_pubkey_hex.is_empty() {
        embedded_pubkey_hex.ok_or_else(|| anyhow::anyhow!("no pubkey: line in sig file"))?
    } else {
        // Verify embedded pubkey matches expected (tamper check on sig file itself)
        if let Some(ref embedded) = embedded_pubkey_hex {
            if embedded.trim() != expected_pubkey_hex.trim() {
                eprintln!("[!] Sig file pubkey does not match --expected-pubkey");
                return Ok(false);
            }
        }
        expected_pubkey_hex.to_string()
    };

    let pub_bytes = hex::decode(pub_hex.trim()).context("invalid pubkey hex")?;
    let pub_arr: [u8; 32] = pub_bytes
        .try_into()
        .map_err(|_| anyhow::anyhow!("invalid pubkey length"))?;
    let verifying_key = VerifyingKey::from_bytes(&pub_arr)?;

    let sig_hex = sig_hex.ok_or_else(|| anyhow::anyhow!("no sig: line in sig file"))?;
    let sig_bytes = hex::decode(sig_hex.trim()).context("invalid sig hex")?;
    let sig_arr: [u8; 64] = sig_bytes
        .try_into()
        .map_err(|_| anyhow::anyhow!("invalid sig length"))?;
    let signature = Signature::from_bytes(&sig_arr);

    let manifest_bytes = std::fs::read(manifest_path)
        .with_context(|| format!("cannot read manifest {}", manifest_path.display()))?;

    match verifying_key.verify(&manifest_bytes, &signature) {
        Ok(()) => {
            eprintln!("[+] Signature valid — {}", manifest_path.display());
            Ok(true)
        }
        Err(_) => {
            eprintln!("[!] Signature INVALID — {}", manifest_path.display());
            Ok(false)
        }
    }
}

/// Auto-verify `.sig` sidecar if present. Returns Ok(false) if no sidecar (not an error).
pub fn auto_verify_sidecar(
    manifest_path: &Path,
    expected_pubkey_hex: Option<&str>,
) -> Result<bool> {
    let sig_path = sig_path_for(manifest_path);
    if !sig_path.exists() {
        return Ok(false);
    }
    eprintln!("[*] Found signature sidecar: {}", sig_path.display());
    let pubkey = expected_pubkey_hex.unwrap_or("");
    let valid = verify_sig(manifest_path, pubkey)?;
    if !valid {
        anyhow::bail!("manifest signature is INVALID — aborting. Use --ignore-sig to override.");
    }
    eprintln!("[K] Signature verified — {}", manifest_path.display());
    Ok(true)
}